Ensuring Security of Cloud-based Platform

The Client's Profile

The client is a leading HR Consulting Firm in India. They provide HR Outsourcing Services like Payroll Execution and Employee Lifecycle Management solutions using the Software-as-a-Service (SaaS) platform. In 2002, our client led the way for e-filling income tax returns for the Department of Income Tax in India. The company set the benchmark for outsourcing HR solutions and become the first provider offering online, semi-online and offline services to corporate and salaried individuals for their income tax and finance-related solutions.

Challenges Faced by the Client

Our client, one of the reputed IT service-providing companies did great work at simplifying critical operations for its clients by offering solutions based on cloud computing. However, the firm was constantly plagued by the idea of security attacks that most online clouds are vulnerable to. The attacks may include Internet malice like:

Session Hijacking

Data Loss through Malware

Denial of Service

Buffer Overflow

Injection

To protect their cloud from such threats seemed like a daunting task and they were constantly striving towards formulating a robust strategy that could prevent against them.

Client's Key Security Concerns

Bringing prevailing IT practices in sync with best practices followed globally

Detecting issues even before they come to the attention of other people

The Security Solution Provided By Flatworld

Flatworld provided an effective solution to safeguard the cloud by means of an Information Security Program and implementing the best practices in information security. The first step of the process was to identify the points where the system was most vulnerable: this was done based on the OWASP Top 10 criteria by means of penetration tests. Following the tracking of vulnerabilities, our software team resolved the concerns and then repeated tests to check for remaining or any newly emerged issues.

After consulting with the management at customer's end, we built a Calendar of Activities. We assigned Information Security Officers (ISO) who efficiently liaised with the customer to implement best practices of information security in coherence with global standards as well as the IT security policies of the end clients our customer serviced.

Steps We Followed

Discussed concerns with the management

Assessed the prevailing IT Security Policy of the company to identify the cause of the problems being faced by the company

Chalked out a Calendar of Activities in coordination with the management

Implemented the best practices in security

Improved the control environment by executing best practices followed by the industry

Listed potential assets for the purpose of security testing

Tested vulnerabilities to remove all inaccuracies and false positives from the system

Executed advanced testing techniques which worked efficiently against all verified vulnerabilities

Discussed findings of vulnerabilities and threat assessment and suggested corrective actions to customers